EFTEL PRIVACY POLICY

This Privacy Policy applies to Eftel Pty Ltd (Eftel, we us, our). Eftel is
a member of the M2 Group, being a wholly owned subsidiary of M2
Group Ltd.

Eftel provides internet, mobile and telephone products and services,
predominately to residential customers. Eftel is committed to protecting
the privacy and personal information of its customers. This Privacy
Policy describes the practices and processes Eftel has in place to properly
manage and safeguard that information.

PRIVACY LAWS THAT APPLY TO EFTEL

Eftel is required to comply with the Privacy Act 1988 (Cth) and is bound
by the Australian Privacy Principles ('APPs') set out in that Act. The APPs
establish minimum standards for the collection, use, disclosure and handling
of personal information. They apply to personal information in any
form, including electronic and digital form. The APPs can be accessed at
the website of the office of the Australian Information Commissioner:
www.privacy.gov.au.

Eftel is also subject to other laws relating to the protection of personal
information. In particular, Eftel is subject to privacy obligations under
the Telecommunications Act 1997 (Cth). Eftel's direct marketing activities
must also comply with the Do Not Call Register Act 2006 (Cth) and the
Spam Act 2010 (Cth). If Eftel collects health information, it may be required
to comply with statutory requirements relating to health records.

In this Privacy Policy, unless the context otherwise requires:

'Privacy Law' refers to any legislative or other legal requirement that
applies to Eftel's collection, use, disclosure or handling of personal information.

'Personal information' means information or an opinion about an
identified individual or an individual who is reasonably identifiable,
whether the information or opinion is true or not and whether the
information or opinion is recorded in material form or not. Personal
information includes sensitive information.

manage and administer the products and services we provide, including
for billing and credit control purposes;

inform customers about changes and improvements in Eftel products
and services;

market Eftel products and services to current and prospective customers;

market third party products and services to current and prospective
customers; and

comply with our legal obligations.

Eftel needs to be able to collect personal information for most of its
business activities, although the information we require depends on the
particular circumstances. If we are unable to collect the personal information
we need, we may be unable to meet the expectations of our customers
or provide the products and services they wish to receive.

WHOSE PERSONAL INFORMATION DOES EFTEL COLLECT?

Eftel collects or holds personal information about individuals who are:

Prospective customers. This includes people we think may be interested
in our products and services as well as people who have expressed
interest in obtaining or learning more about those products
and services.

Current customers. This includes people who purchase Eftel products
or services or who hold an account with Eftel.

Past customers. These are people who have purchased Eftel products
or services but do not currently hold any active Eftel account.

Eftel may treat current and past customers as prospective customers for
other Eftel products and services.

Eftel may collect personal information about associates of its customers,
such as family members, employees or agents. For example, Eftel may
collect personal information about nominated or authorised representatives,
the holder of a credit card that is used to pay a customer's account,
a person who acts as a secondary account holder, a person who acts as
guarantor for a credit contract, the landlord of a tenanted property or
the nominated contact on a business account.

Eftel may in rare circumstances collect personal information from people
who are under the age of 18. If Eftel does this, Eftel may also collect personal
information about the parent or guardian of that person.

Eftel also collects personal information about all the individuals who are
involved in providing Eftel products and services. This includes:

staff of Eftel Group entities and other companies in the M2 group;
and

service providers and suppliers, agents and affiliates, and their staff.

CAN YOU DEAL WITH EFTEL WITHOUT IDENTIFYING YOURSELF?

In some limited situations customers and other individuals may be able
to deal with Eftel anonymously or using a pseudonym. For example, if
you make a general inquiry to one of our call centres, or want to make a
complaint or log a service fault unless the inquiry or complaint relates to
a particular account.

However, if you do not wish to be identified we may not be able to provide
the information or assistance you require.

WHAT PERSONAL INFORMATION DOES EFTEL USUALLY COLLECT?

Eftel collects a wide range of personal information about its customers,
but the type and amount of information collected depends on the particular
business context. However, Eftel seeks at all times to ensure that it
only collects the personal information that is necessary for the purposes
of its business activities.

Eftel needs to collect basic identifying and contact information for all
customers, including prospective customers. This will usually include
name, date of birth, email address, telephone number(s) and residential
address. For corporate and business customers, Eftel collects information
about nominated contacts, including name and title or position, date
of birth, telephone number(s) and email and business addresses.

Eftel also collects information about purchasing patterns, consumer
preferences and attitudes from prospective and current customers for
marketing purposes, including to analyse markets, develop marketing
strategies and to identify and develop products and services that may be
of interest to its customers.

When you become, or apply to become, a Eftel customer, Eftel collects a
range of other information that that it needs to assess your application
and manage your account(s). This includes:

Proof of identity information, including passport number, driver
licence number or other government identifiers. We need this information
to ensure our customer records are accurate and up-to-date.
We also may be required to obtain proof of identity information by
law. For example, we are required under the Telecommunications Act
1997 to obtain specified proof of identity information before providing
certain mobile telephone services.

Financial and credit information, including credit history, employment
history, remuneration details, bank account and credit card
information, information about assets and income and details of relevant
court judgments and bankruptcies. We need this information to
assess creditworthiness and financial suitability of current and prospective
customers.

Information about medical conditions and concession entitlement.
We need this information to assess eligibility for concessions
or other benefits that may be available with Eftel products or services.

Information relating to occupancy. We may need information to establish
that a customers has rights to occupy the property to which we
provide services, and for this purpose may require copies of tenancy
agreements, mortgage records or utility bills or supply records.

Information relating to change of name or status, which may
include marriage certificates, death certificates and other official
documentation. We may need this information where we are asked
to close or transfer an account.

Employment information, including information about employment
history including current and past employers. We may need this information
to assess the financial position of a person who applies to
become a Eftel customer.

Integrated Public Number Database (IPND). In providing telecommunications
services, Eftel is required by law to collect certain
personal information about you, including your name, address, telephone
service number and other public number customer details, and
to provide it to the operator of the IPND) for inclusion in the IPND.
Information in the IPND is used to develop directories and to assist
emergency service organisations. If your phone number is unlisted,
your information will be marked accordingly in the IPND and its use
and disclosure will be strictly controlled.

We also collect information about the way our customers use Eftel products
and services. This includes information about:

service usage (including use of communications services, internet
usages);

responses to offers made and/or promotions run by Eftel or its affiliates;

payment patterns and history; and

inquiries and complaints.

We collect information about our employees and prospective employees
for the purpose of making employment decisions and managing our staff.
We also collect information about suppliers, service providers, agents
and affiliates, and their staff, for the purposes of conducting our day-today
business activities.

HOW DOES EFTEL COLLECT PERSONAL INFORMATION?

We collect personal information by various means and via various media,
depending on the particular business context.

We collect information about prospective customers both directly and
via our agents, service providers and affiliates. We may collect this information:

when you make an inquiry at a Eftel kiosk, Eftel dealer or Eftel event;

through our door to door sales activities;

through our call centres;

through Eftel websites, or websites operated by Eftel's affiliates;

through social media platforms such as Twitter and Facebook; and

through the purchase of marketing lists, databases and data aggregation
services.

When you become or apply to become a Eftel customer, in addition to
collecting personal information directly from you, we may also collect
information about you from our agents and affiliates, credit reporting
agencies, your past and present employers, current service providers,
family members or associates and other third parties.

When you apply to become a Eftel customer, we will ask you to consent
to us collecting information from particular third parties. We will only
collect personal information from those parties if you consent. If you do
not consent, we may not be able to provide the service or product you
require. We are authorised to collect some personal information from
third parties under Privacy Law.

Eftel receives unsolicited personal information from time to time. In
accordance with its obligations under Privacy Law, Eftel will decide
whether it would have been permitted to solicit and collect that information
and if it would not have been, will destroy or de-identify the information
(provided it is lawful to do so).

WHAT INFORMATION WILL EFTEL GIVE YOU WHEN IT
COLLECTS PERSONAL INFORMATION?

Eftel is required by Privacy Law to take reasonable steps to ensure that
you are made aware of certain information when it collects personal information
about you. For example, we are required to:

tell you which Eftel entity you are dealing with and how to contact it;

make sure you are aware that we have collected the information (if we
collect it from a third party without your knowledge);

identify any law that authorises or requires collection of the information;

let you know the purposes for which we collect the information, the
entities that the information is likely to be disclosed to and whether
the information will be transferred outside Australia; and

tell you how to access our Privacy Policy and complaint handling procedures.

This Privacy Policy sets out this information in general terms. However,
where we collect personal information in relation to a particular product
or service, and the information we are required to provide is not likely
to be obvious from the circumstances, we usually provide the required
information in a 'collection statement'. The way we do this will depend on
how you are dealing with us. For example:

When personal information is collected via the Eftel website or any
affiliate website that Eftel may advertise on, a statement is displayed
or a link provided to a statement that sets out the information we are
required to provide.

A statement containing the required information is printed on the
sign-up page of most of the standard forms we use to collect personal
information.

When you deal with us on the telephone, this information is given to
you by the operator or via a recorded message.

If we collect personal information about you from a third party, we take
reasonable steps to ensure you receive the information we are required
to provide. However, we may do this by requiring the third party to
provide the information, rather than us providing the information to you
directly.

We may also include information about our collection of personal information
in welcome packs, customer account statements, update bulletins,
notices and other documents we give to our customers.

EFTEL'S USE AND DISCLOSURE OF PERSONAL INFORMATION

Where Eftel collects personal information for a particular purpose,
it may use and disclose the information for that purpose or another
purpose that is related to that purpose (or that is directly related to that
purpose in the case of sensitive information). For example:

Personal information collected from you for the purpose of establishing
or managing an account may be used and disclosed for related
purposes such as identity verification, credit checking, assessing entitlement
to concessions, supplying and servicing a product, connecting
and administering a service, billing and collection in relation to the
service and investigating and rectifying complaints or faults.

Personal information collected for the purpose of establishing or
managing an account may also be used for the purpose marketing of
other Eftel products and services. Eftel may contact prospective,
current or past customers about products and services (including
products not related to a product or service previously supplied).

Eftel may use personal information about prospective, current and past
customers for the purpose of direct marketing of Eftel products and services
or those of other organisations. Direct marketing communications
may be sent via post, e-mail, telephone, door to door canvassing, social
media sites or other means. However:

Eftel will not use sensitive information for direct marketing purposes
without your consent.

Unless you have provided consent, or we think it is impracticable to
obtain your consent, Eftel will not use your personal information for
direct marketing purposes where we have obtained the personal information
from a third party, or we have collected it directly from you
but believe that you would not reasonably expect the information to
be used for direct marketing.

Whenever we communicate with you for direct marketing purposes,
we will give you the opportunity to opt out of receiving further direct
marketing communications from Eftel.

You may opt out of receiving direct marketing communications from
Eftel at any time by contacting us at support@eftel.com.au or calling
1300 550 550.

If we use your personal information to facilitate direct marketing by
other organisations on behalf of other organisations, you can ask us to
provide the source of the information by contacting us at support@
eftel.com.au or calling 1300 550 550.

Personal information about Eftel staff, agents, affiliates and service providers
is used and may be disclosed for the purpose of managing the relationship
with the staff member or other entity.

Eftel may disclose personal information about Eftel customers to a
range of third parties. For example, depending on the type of product
or service, Eftel may disclose customer information to a wholesaler or
other third party who provides or assists to provide the service.

Eftel may disclose information to government agencies (such as Centrelink)
for the purpose of establishing or verifying eligibility for concessions
and similar entitlements.

Eftel may also disclose personal information for credit checking, collection
or credit reporting purposes to a credit reporting agency or credit
collection agency, in accordance with the requirements of the Privacy Act
1988.

Personal information may also be disclosed to third party agents and
service providers who Eftel engages to assist in the provision of products
and services. These include:

Personal information Eftel obtains in connection with the provision of
telecommunications services may be disclosed in accordance with requirements
of the Telecommunications Act 1997 (Cth) and the Telecommunications
(Interception and Access) Act 1979 (Cth). This includes disclosure:

to the Telecommunications Industry Ombudsman for the purpose of
complaint management;

in connection with directory assistance, emergency service calls or
other urgent services, and in particular to the operator of the Inte7.
grated Public Number Database (IPND) for inclusion in the IPND,
including your name, address, telephone service number and other
public number customer details, and to provide it. (Information in the
IPND is used to develop directories and to assist emergency service
organisations. If your phone number is unlisted, your information will
be marked accordingly in the IPND and its use and disclosure will be
strictly controlled.); and

to law enforcement agencies for law enforcement or security purposes;
and

Eftel may also disclose personal information without consent as authorised
by privacy law for a range of other purposes, including:

where necessary to prevent or lessen a serious threat to health or
safety;

for law enforcement or crime prevention purposes;

for the investigation of unlawful activity;

for location of missing persons; and

for use in legal proceedings or dispute resolution.

In situations other than those described above, Eftel will not disclose
personal information without the customer's consent (although consent
may be implied).

IS PERSONAL INFORMATION DISCLOSED OUTSIDE AUSTRALIA?

Eftel discloses some personal information to persons or organisations
that are outside Australia.

Eftel's customer service and marketing call centre operations are
based in Manila, Philippines. Personal information about prospective,
current and past customers is accessed by our Manila based
staff for the purpose of sales and marketing, customer service, correspondence,
provisioning, fault management and technical support
activities.

Database and webhosting services provided to Eftel involve personal
information being transferred to IT service providers based in India,
Philippines, Singapore, New Zealand, the United Kingdom, Canada
and the United States of America.

HOW DOES EFTEL PROTECT YOUR PERSONAL
INFORMATION?

Eftel recognises the importance of protecting your personal information
and of ensuring that it is complete, accurate, up-to-date and relevant.

When you call Eftel, we complete an ID check to verify your identity and
to check the details we hold about you are correct and to update them if
required. For some safety critical information, for example medical information
required to ensure priority assistance, we initiate checks on
an annual basis.

We have documented processes for verifying personal information collected
for particular transactions, such as proof of occupancy, change of
occupier and priority assistance. Our staff are trained to properly handle
the different types of information they receive, particularly sensitive information.
We have quality assurance measures in place to monitor calls
to ensure that our processes are being followed.

While some of the personal information we collect is held in hardcopy
form, most personal information is stored in electronic databases.

We have extensive processes in place to ensure that our information
systems and files are kept secure from unauthorised access and interference.
These include:

System access is controlled by logins and different security levels.
Access to customer information for all staff (including agents in our
Manila call centre) is centrally controlled. Access requests must be
supported by a request from senior management.

Access authorisation is layered and access authorisations are specific
to the job function of each staff member. For example, staff with
responsibility for fault management have no access to credit card information.
Staff are only trained in areas of the system specific to the
function of their job.

Functional restrictions apply. Remote access is only available to selected
senior staff members. Measures are taken to prevent printing,
copying or recording of customer information that can be accessed
electronically. For example, call centre team members work in a paperless
environment, cannot print information and are not permitted
to have mobile phones or cameras on the call centre floor.

Account and system access and modification is logged to enable
access or modification of any customer record by any staff member
to be identified. Audits of access logs are conducted periodically.

Our employees undergo privacy and information security training on
induction and are required to sign acknowledgements of their obligations
in relation information security and appropriate use of our IT
systems.

We have contractual arrangements in place with our agents, service
providers and affiliates that require them to have comply with applicable
privacy laws and Eftel privacy policies. Our contractual arrangements
with third parties who are outside Australia are designed
to ensure that personal information transferred to those parties is afforded
the same level of protection as would apply to the information
in Australia.

CAN YOU ACCESS OR CORRECT PERSONAL INFORMATION
EFTEL HOLDS ABOUT YOU?

You have a right to access personal information we hold about you. If
your request is particularly complex or requires detailed searching of
our records, there may be a cost to you in order for us to provide you
with this information.

If you believe there are errors in the information we hold about you, you
have a right to ask us to correct the information.

However, we are not required to provide access where we believe doing
so would:

prejudice law enforcement or crime prevention activities;

pose a serious threat to health or safety;

have an unreasonable impact on the privacy of other individuals;

prejudice Eftel in legal proceedings or negotiations with you;

reveal information connected with a commercially sensitive decision
making process; or

be contrary to law.

If you wish to have access to information Eftel holds about you, you
should contact Eftel Customer Service.

DEALING WITH EFTEL ON-LINE

This Privacy Policy also applies to personal information that you email to
us, provide by using our website or provide via social media sites.

We store the Internet Protocol (IP) address of your computer when you
visit our site. This information is used only to create broad demographic
summaries of where our users come from. Our use of these IP addresses,
however, does not go so far as to identify the actual users of the site.

We collect personal information about the other websites that are
visited by computers that are used to visit our site. This information may
be aggregated to provide us with information about the types of webpages
and websites, or particular webpages and websites, visited by
computers that use our site.

Our website may use cookies and web-beacons. While cookies and web
beacons can be used to statistically monitor and analyse the use of our
site and to identify information about the computer used to visit our site,
we do not use them for that purpose and will not attempt to use them to
identify or target individual visitors to our website.

Note that this privacy policy does not apply to, and Eftel is not responsible
for, the use of, or the protection of information provided to, other
websites linked to this website.

COMPLAINTS AND FURTHER INFORMATION

If you believe your privacy has been interfered with and wish to make a
complaint, please contact our Privacy Officer. The Privacy Officer will
investigate your complaint and notify you of the outcome.

If it appears from your complaint that there has been an interference
with privacy by a person other than Eftel, the Privacy Officer may
discuss the complaint with that person in an attempt to resolve it.

If you are dissatisfied with the outcome of your complaint, or you do
not receive a response to your complaint within 30 days, you may make
a complaint to the Office of the Australian Information Commissioner
(OAIC). Complaints to the OAIC must be made in writing. Where possible,
complaints to the OAIC should be made through the online Privacy
Complaint form, available at www.oaic.gov.au/privacy/making-a-privacy-
complaint.

If you would like further information on this Privacy Policy or if you have
any concerns over the protection of your personal information, please
contact